Your app probably needs a way to authenticate users. That's easy with Nhost.
Nhost Authentication integrates tightly with other services in your Nhost project, such as Hasura and Storage.
You can log in users with:
For easy integration with auth (and storage) in your app, use nhost-js-sdk.
Nhost Authentication uses JWT tokens and refresh tokens. A JWT token is used in a GraphQL API request to authenticate the user and to resolve Hasura permissions. A refresh token is used to request a new JWT token.
A JWT token cannot be revoked; it can only expire. Because of that, JWT tokens are short-lived (15 min). Before a JWT token expires, the client should request a new JWT token using the refresh token. A refresh token can be revoked and is long-lived (1 year). To revoke a refresh token, remove it from the auth.refresh_tokens table in the database.
You can configure the expiration time for both JWT tokens and refresh tokens in the Nhost console under Settings -> Authentication.
By default, each JWT token includes the user's id and roles as claims. Here's an example:
{
  "https://hasura.io/jwt/claims": {
    "x-hasura-allowed-roles": ["user", "me"],
    "x-hasura-default-role": "user",
    "x-hasura-user-id": "c8ee8353-b886-4530-9089-631ea7fd4c8a"
  },
  "iat": 1595146465,
  "exp": 1595147365
}
You can add more claims to the JWT token using custom user columns.
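As an added example (not code from Nhost or nhost-js-sdk), the JavaScript below decodes a token carrying the claims shown above, checks that the default role is among the allowed roles, and computes how long a client can wait before using its refresh token. The sample token, its HS256 header, the placeholder signature and the `leewaySec` parameter are constructed for illustration; the payload is decoded without verifying the signature, so the result is suitable for scheduling a refresh, not for authorization decisions.

```javascript
// Client-side inspection of a JWT to decide when to request a new one.
// Decoding is NOT verification: the signature is checked server-side on each request.
const HASURA_NS = "https://hasura.io/jwt/claims";

// Decode the payload (middle segment) of a compact JWT without checking the signature.
function decodeJwtPayload(token) {
  const parts = String(token).split(".");
  if (parts.length !== 3) throw new Error("not a compact JWT (expected 3 segments)");
  const payload = JSON.parse(Buffer.from(parts[1], "base64url").toString("utf8"));
  if (typeof payload !== "object" || payload === null) throw new Error("payload is not an object");
  return payload;
}

// Extract the Hasura claims and reject a token whose default role is not allowed.
function hasuraClaims(payload) {
  const c = payload[HASURA_NS];
  if (!c || typeof c !== "object") throw new Error("missing Hasura claims namespace");
  const roles = c["x-hasura-allowed-roles"];
  const def = c["x-hasura-default-role"];
  if (!Array.isArray(roles) || !roles.includes(def)) {
    throw new Error("default role is not among the allowed roles");
  }
  return { userId: c["x-hasura-user-id"], defaultRole: def, allowedRoles: roles };
}

// Seconds to wait before using the refresh token; 0 means refresh now.
// leewaySec (assumed parameter) refreshes early to absorb clock skew and latency.
function secondsUntilRefresh(payload, nowSec, leewaySec = 60) {
  if (!Number.isInteger(payload.exp)) throw new Error("missing or invalid exp claim");
  return Math.max(0, payload.exp - leewaySec - nowSec);
}

// Constructed sample token: payload from this page's example, placeholder signature.
function makeSampleToken() {
  const b64 = (o) => Buffer.from(JSON.stringify(o)).toString("base64url");
  const payload = {
    [HASURA_NS]: {
      "x-hasura-allowed-roles": ["user", "me"],
      "x-hasura-default-role": "user",
      "x-hasura-user-id": "c8ee8353-b886-4530-9089-631ea7fd4c8a",
    },
    iat: 1595146465,
    exp: 1595147365,
  };
  return `${b64({ alg: "HS256", typ: "JWT" })}.${b64(payload)}.constructed-signature`;
}
```

For the example token, `exp - iat` is 900 seconds, which matches the 15-minute lifetime described above.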